Security is often described as a continuum between convenience and safety. A system that requires ten layers of authentication may be very difficult to attack, but it may also be so inconvenient that it will never be used. At the opposite end, a system with no means of authentication or authorization is highly convenient for users but also highly insecure. A growing number of online services now use multi-factor authentication (MFA) systems that involve some combination of a username or email address, a password, and a cryptographic authentication code generated by an additional device owned by the user. Keeping track of a physical device and/or a special application for each online service may be frustrating for users. Frustration often leads to poor security measures, such as password re-use and storing physical tokens in insecure areas. A growing number of users are avoiding the hazards of password re-use and the difficulties of keeping track of a large number of passwords by using password managers or credential vaults.
Many traditional systems for credential vaults are only capable of storing a username and password for each online service and may not be able to store or otherwise access the token that generates the cryptographic authentication code. These traditional systems may not be able to fully automate the login process of online services that use MFA. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for creating credential vaults that use multi-factor authentication to automatically authenticate users to online services.